Detecting and tracking virtual containers

ABSTRACT

Examples of techniques for detecting and tracking virtual containers are disclosed. In one example implementation according to aspects of the present disclosure, a computer-implemented method includes detecting a virtual container. The method further includes collecting virtual container data for the virtual container. The method also includes associating, by a processing device, the virtual container to at least one of a plurality of images. Additionally, the method includes building, by the processing device, a container event database based on the virtual container data and the association of the virtual container to the at least one of the plurality of images, so as to enable tracking of software in the plurality of images and in live virtual containers.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 15/212,435, filed on Jul. 18, 2016, which is a continuation of U.S. patent application Ser. No. 14/990,182, filed on Jan. 7, 2016, which issued as U.S. Pat. No. 9,396,251 on Jul. 19, 2016, the entire contents of both applications are herein expressly incorporated by reference in their entirety for all purposes.

BACKGROUND

The present disclosure relates generally to software management and, more particularly, to detecting and tracking virtual containers and building a database of associations among the containers, container histories, and installable components.

Current techniques for software license management scan for software on systems periodically (e.g., once per year) using file and registry based systems. These techniques rely on licensable software components being visible to the scanning tool.

It may take weeks or months to reconcile an environment, which may be acceptable in environments with licensing postures that are unlikely to change during the reconciliation. However, software asset management (SAM) processes and tools have not evolved to adequately detect and track software licenses in a cloud environment, which may utilize rapid and API driven provisioning, deprovisioning, and auto-scaling.

Moreover, existing SAM processes and tools do not adequately handle containerization techniques used in cloud computing. Containers provide the ability for software applications to be licensable in predefined container templates known as images. These images can be checked into a repository and run, as containers, on computing hosts. For example, a user can create, run, and destroy a licensable unit of software, which would go undetected by traditional SAM processes. Additionally, images can be created and recreated in many different ways, which makes it more difficult to identify future images that might run in an environment.

Container-enabled computing hosts that are capable of running containers based on image templates utilize container engines to create, start, stop, and destroy containers. Even using a container cluster, each host utilizes its own container engine to report on container-related events.

SUMMARY

In accordance with aspects of the present disclosure, a computer-implemented method for detecting and tracking virtual containers is provided. The method includes detecting a virtual container. The method further includes collecting virtual container data for the virtual container. The method also includes associating, by a processing device, the virtual container to at least one of a plurality of images. Additionally, the method includes building, by the processing device, a container event database based on the virtual container data and the association of the virtual container to the at least one of the plurality of images, so as to enable tracking of software in the plurality of images and in live virtual containers.

In accordance with additional aspects of the present disclosure, a system for detecting and tracking virtual containers is provided. The system includes a processor in communication with one or more types of memory. The processor is configured to detect a virtual container. The processor is further configured to collect virtual container data for the virtual container. The processor is also configured to associate the virtual container to at least one of a plurality of images. Additionally, the processor is configured to build a container event database based on the virtual container data and the association of the virtual container to the at least one of the plurality of images, so as to enable tracking of software in the plurality of images and in live virtual containers.

In accordance with yet additional aspects of the present disclosure, a computer program product for detecting and tracking virtual containers is provided. The computer program product comprises a non-transitory storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes detecting a virtual container. The method further includes collecting virtual container data for the virtual container. The method also includes associating, by a processing device, the virtual container to at least one of a plurality of images. Additionally, the method includes building, by the processing device, a container event database based on the virtual container data and the association of the virtual container to the at least one of the plurality of images, so as to enable tracking of software in the plurality of images and in live virtual containers.

In accordance with other aspects of the present disclosure, a computer-implemented method for detecting and tracking virtual containers is provided. The method includes detecting, by a processing device, a virtual container event. The method also includes creating a virtual container record in a database. The method further includes detecting, by the processing device, a start event of the virtual container and recording a start time of the start event in the database. Additionally, the method includes detecting, by the processing device, a stop event of the virtual container and recording a stop time of the stop event in the database. Finally, the method includes presenting the database as an event log, so as to enable tracking of software in a plurality of images and in live virtual containers.

In accordance with yet additional aspects of the present disclosure, a system for detecting and tracking virtual containers is provided. The system includes a processor in communication with one or more types of memory. The processor is configured to: detect a virtual container event, create a virtual container record in a database, detect a start event of the virtual container and recording a start time of the start event in the database, detect a stop event of the virtual container and recording a stop time of the stop event in the database, and presenting the database as an event log, so as to enable tracking of software in a plurality of images and in live virtual containers.

The present techniques for detecting and tracking virtual containers provide the advantage of managing a containerized environment by tracking software “at rest” in container images and software “in motion” running in live containers. This visibility provides data to optimize software license spend and mitigate compliance risk.

In additional aspects of the present techniques, collecting the virtual container data may include detecting a start and a stop of the virtual container, recording a start timestamp associated with the start of the virtual container and a stop timestamp associated with the stop of the virtual container, and calculating a usage duration of the virtual container, the usage duration being the difference between the start timestamp and the stop timestamp. This provides the advantage of continued tracking and monitoring of additional virtual containers as they are created, used, modified, and/or destroyed.

Additional aspects of the present techniques may include detecting additional virtual containers, collecting virtual container data for the additional virtual containers, and associating the additional virtual containers with at least one of the plurality of images. This provides the advantage of continued tracking and monitoring of additional virtual containers as they are created, used, modified, and/or destroyed.

Additional aspects of the present techniques may include reporting a licensing violation when it is determined that a license quantity stored in a software license database is exceeded. This provides the advantage of facilitating compliance with software licensing guidelines by a software licensee and compliance monitoring by a software licensor.

BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter which is regarded as the invention is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The forgoing and other features, and advantages thereof, are apparent from the following detailed description taken in conjunction with the accompanying drawings in which:

FIG. 1 illustrates a block diagram of a processing system for implementing the techniques described herein according to examples of the present disclosure;

FIG. 2 illustrates a block diagram of a processing system for detecting and tracking virtual containers according to examples of the present disclosure;

FIG. 3 illustrates a flow diagram of a method for detecting and tracking virtual containers according to examples of the present disclosure;

FIG. 4 illustrates a flow diagram of a method for detecting and tracking virtual containers according to examples of the present disclosure;

FIG. 5 illustrates a block diagram of a container image history according to examples of the present disclosure;

FIG. 6 illustrates a table of an event log according to aspects of the present disclosure;

FIG. 7 illustrates a cloud computing environment according to examples of the present disclosure; and

FIG. 8 illustrates abstraction model layers according to examples of the present disclosure.

DETAILED DESCRIPTION

Various implementations are described below by referring to several examples of detecting and tracking virtual containers. The present techniques build and use a repository of container templates (i.e., images) along with a link to an associated “parent” image. This effectively builds a tree-like structure, an example of which is illustrated in FIG. 5. Inspecting the image history enables a licensing administrator to declare and associate an image with an installable component from a software licensing repository. This link enables the detection and tracking both installation and usage of licensable software components. Utilizing this association enables identifying future images that build off previous images as part of this piece of licensable software.

In some implementations the following advantages may be provided. For example, the present techniques for detecting and tracking virtual containers provide the ability to manage a containerized environment by tracking software “at rest” in container images and software “in motion” running in live containers. This visibility provides data to optimize software license spend and mitigate compliance risk. The present techniques enable the continued tracking and monitoring of additional virtual containers as they are created, used, modified, and/or destroyed. Additionally, the present techniques enable compliance with software licensing guidelines by a software licensee and compliance monitoring by a software licensor. The present techniques also provide for rapid and API driven provisioning, de-provisioning, and auto-scaling, which is especially beneficial when containers can be created, started, stopped, and destroyed frequently and rapidly. Moreover, the present techniques provide a virtual container detection and tracking engine that need not be running on each host computing device executing the virtual containers. This engine collects image IDs across multiple hosts and builds history trees and associations to known installable software components (i.e., images), which relate back to licensable software components. These and other advantages will be apparent from the description that follows.

FIG. 1 illustrates a block diagram of a processing system 100 for implementing the techniques described herein. In examples, the processing system 100 has one or more central processing units (processors) 101 a, 101 b, 101 c, etc. (collectively or generically referred to as processor(s) 101). In aspects of the present disclosure, each processor 101 may include a reduced instruction set computer (RISC) microprocessor. Processors 101 are coupled to system memory (e.g., random access memory (RAM) 114 and various other components via a system bus 113. Read only memory (ROM) 102 is coupled to the system bus 113 and may include a basic input/output system (BIOS), which controls certain basic functions of the processing system 100.

FIG. 1 further illustrates an input/output (1/0) adapter 107 and a communications adapter 106 coupled to the system bus 113. 1/0 adapter 107 may be a small computer system interface (SCSI) adapter that communicates with a hard disk 103 and/or tape storage drive 105 or any other similar component. 1/0 adapter 107, hard disk 103, and tape storage device 105 are collectively referred to herein as mass storage 104. Operating system 120 for execution on the processing system 100 may be stored in mass storage 104. A network adapter 106 interconnects bus 113 with an outside network 116 enabling the processing system 100 to communicate with other such systems.

A screen (e.g., a display monitor) 115 is connected to system bus 113 by display adaptor 112, which may include a graphics adapter to improve the performance of graphics intensive applications and a video controller. In one aspect of the present disclosure, adapters 106, 107, and 112 may be connected to one or more I/O busses that are connected to system bus 113 via an intermediate bus bridge (not shown). Suitable I/0 buses for connecting peripheral devices such as hard disk controllers, network adapters, and graphics adapters typically include common protocols, such as the Peripheral Component Interconnect (PCI). Additional input/output devices are shown as connected to system bus 113 via user interface adapter 108 and display adapter 112. A keyboard 109, mouse 110, and speaker 111 all interconnected to bus 113 via user interface adapter 108, which may include, for example, a Super 1/0 chip integrating multiple device adapters into a single integrated circuit.

In some aspects of the present disclosure, the processing system 100 includes a graphics processing unit 130. Graphics processing unit 130 is a specialized electronic circuit designed to manipulate and alter memory to accelerate the creation of images in a frame buffer intended for output to a display. In general, graphics processing unit 130 is very efficient at manipulating computer graphics and image processing, and has a highly parallel structure that makes it more effective than general-purpose CPUs for algorithms where processing of large blocks of data is done in parallel.

Thus, as configured in FIG. 1, the processing system 100 includes processing capability in the form of processors 101, storage capability including system memory 114 and mass storage 104, input means such as keyboard 109 and mouse 110, and output capability including speaker 111 and display 115. In some aspects of the present disclosure, a portion of system memory 114 and mass storage 104 collectively store an operating system such as the AIX® operating system from IBM Corporation to coordinate the functions of the various components shown in FIG. 1.

FIG. 2 illustrates a block diagram of a processing system for detecting and tracking virtual containers according to examples of the present disclosure. The various components, modules, engines, etc. described regarding FIG. 2 may be implemented as instructions stored on a computer-readable storage medium, as hardware modules, as special-purpose hardware (e.g., application specific hardware, application specific integrated circuits (ASICs), as embedded controllers, hardwired circuitry, etc.), or as some combination or combinations of these. In examples, the engine(s) described herein may be a combination of hardware and programming. The programming may be processor executable instructions stored on a tangible memory, and the hardware may include processing device 201 for executing those instructions. Thus system memory 114 of FIG. 1 can be said to store program instructions that when executed by processing device 201 implement the engines described herein. Other engines may also be utilized to include other features and functionality described in other examples herein.

Processing system 200 may include processing device 201, virtual container detection and tracking engine 202, and container event database (DB) 204. Alternatively or additionally, the processing system 200 may include dedicated hardware, such as one or more integrated circuits, Application Specific Integrated Circuits (ASICs), Application Specific Special Processors (ASSPs), Field Programmable Gate Arrays (FPGAs), or any combination of the foregoing examples of dedicated hardware, for performing the techniques described herein.

Virtual container detection and tracking engine 202 detects virtual containers, collects virtual container data, associates the virtual container to an image, and builds container event DB 204 using the virtual container data and associations between the virtual container and image. In examples, virtual container detection and tracking engine 202 monitors a container engine of a computing host to detect the virtual containers. Detecting the virtual containers may include detecting a creation event (e.g., the creation of a virtual container) and/or a run event (e.g., the running of a virtual container).

Additionally, virtual container detection and tracking engine 202 collects virtual container data from the container engine of the computing host. In examples, virtual container data may include an image ID, a container ID, an action, an action time, a usage duration, and/or a license quantity.

Virtual container detection and tracking engine 202 also associates the virtual container to an image. To do this, virtual container detection and tracking engine 202 may utilize a container image history that may be built by the virtual container detection and tracking engine 202 or may be preexisting.

Further, virtual container detection and tracking engine 202 builds container event DB 204 using the collected virtual container data and the association between the virtual container and the image. In examples, such a container event DB may be displayed to a user as an event log such as shown in event log 600 of FIG. 6.

FIG. 3 illustrates a flow diagram of a method 300 for detecting and tracking virtual containers according to examples of the present disclosure. The method 300 starts at block 302 and continues to block 304.

At block 304, the method 300 includes detecting a virtual container. The virtual container may be detected by container engine 202 of processing system 200 of FIG. 2, for example, such as when the virtual container is created. In additional examples, the virtual container may also be detected when it is started.

At block 306, the method 300 includes collecting virtual container data for the virtual container. In examples, collecting the virtual container data may include detecting a start and a stop of the virtual container. Collecting the virtual container data may also include recording a start timestamp associated with the start of the virtual container and a stop timestamp associated with the stop of the virtual container. Additionally, collecting the virtual container data may include calculating a usage duration of the virtual container. The usage duration is the difference between the start timestamp and the stop timestamp and is indicative of how long the virtual container was in use.

In examples, the virtual container data may include at least one of the following: an image ID, a container ID, an action (e.g., create container, start container, stop container, destroy container, etc.), an action time (e.g., the creation time of the container, the start time of the container, the stop time of the container, the destruction time of the container, etc.), a usage duration, and a license quantity (e.g., how many containers are using a license for a particular image).

At block 308, the method 300 includes associating the virtual container to at least one of a plurality of images. In examples, a virtual container may be associated with an image that serves as a predefined container template. That is, the image serves as a base image. New images can be created from the base image.

At block 310, the method 300 includes building a container event database (e.g., container event DB 204 of FIG. 2 or container event DB 450 of FIG. 4). The container event database may be based on the virtual container data and the association of the virtual container to the at least one of the plurality of images. The information contained in the container event database may be represented as an event log (e.g., event log 600 of FIG. 6). In additional examples, the method 300 further comprises building a container image history (e.g., container image history 500 of FIG. 5). The method 300 continues to block 312 and ends.

Additional processes also may be included. For example, the method 300 may include detecting additional virtual containers, collecting virtual container data for the additional virtual containers, and associating the additional virtual containers with at least one of the plurality of images. Additionally, the method 300 may include modifying the container event database based on the virtual container data of the additional virtual containers and the association of the additional virtual containers to the at least one of the plurality of images. In this way, the method 300 may continue to detect and track virtual containers as they are created, utilized, modified, and destroyed.

In yet additional examples, the method 300 may include reporting a licensing violation when it is determined that a license quantity limit stored in a software license database is exceeded. This enables the present techniques to report licensing violations when they occur as opposed to waiting for periodic licensing audits. It should be understood that the processes depicted in FIG. 4 represent illustrations, and that other processes may be added or existing processes may be removed, modified, or rearranged without departing from the scope and spirit of the present disclosure.

FIG. 4 illustrates a flow diagram of a method 400 for detecting and tracking virtual containers according to examples of the present disclosure. The method 400 starts at block 402 and continues to block 404.

At block 404, the method 400 detects a container event such as by monitoring a container engine of a host computing device. At block 406, the method 400 includes determining whether the detected container event is a run event (e.g., a container is run or stopped) or a create event (e.g., a container is created or destroyed).

If a run event is detected at block 406, the method 400 continues to decision block 408 where it is determined whether the run event is a start event or a stop event. If the run event is a start event, the method 400 records a start timestamp at block 410 and stores the start timestamp in container event database (DB) 450. However, if the run event is a stop event, the method 400 records the stop timestamp at block 412 and stores the stop timestamp in container event DB 450. The method 400 then continues to block 414 and submits a usage duration (e.g., the different between the start timestamp and stop timestamp) using information retrieved from container event DB 450. The method 400 then continues to block 440, discussed below.

If a create event is detected at block 406, the method 400 continues to block 420 where it is determined whether the create event is a create event or a destroy event. If the create event is a create event, the method 400 then determines whether an image associated with the virtual container is known or unknown at block 422. If the image is unknown, the method 400 includes looking up the image in an image history (e.g., container image history 500 of FIG. 5) at block 424 and submitting the image history for submission at block 426. After submitting the image history for submission at block 426, or if the image history is determined to be known at block 422, the method 400 creates a virtual container record by inserting the image ID and container ID of the created virtual container into container event DB 450, as shown at block 428. Additionally, after submitting the image history to the submission queue at block 426, the method 400 continues to block 440.

If, at block 420, it is determined that the create event is a destroy event, the method 400 continues to block 430 and removes the image ID and the container ID for the virtual container from container event DB 450.

At block 440, the method 400 includes queuing up data for submission, such as to a software licensing authority or administrator. The data may be presented as event log 600 of FIG. 6. The data is retrieved from container event DB 450. In examples, additional data (such as licensing quantity and mapped components) is included and may be retrieved from a software license database. This data may be used, for example, to relate purchased products to their entitlement and to their installable components. This enables the present techniques to build a relationship between the virtual containers and existing software components in the software license database. This link enables the new virtual container data (along with the image hierarchy and history) and usage data of the virtual containers to be processed like any other software discovery data source. The method 400 continues to block 442 and ends.

Additional processes also may be included, and it should be understood that the processes depicted in FIG. 4 represent illustrations, and that other processes may be added or existing processes may be removed, modified, or rearranged without departing from the scope and spirit of the present disclosure.

FIG. 5 illustrates a block diagram of a container image history 500 according to examples of the present disclosure. Container image history 500 begins with a base image (i.e., image A 502). In examples, image A 502 represents a file system with a first folder. Image B 512, image C 514, and imageD 516 are built from image A 502 and may include an addition to image A 502, such as an additional folder or other aspects or features. Image E 522 and image F 524 are built from image B 512.

Continuing from imageD 516, image G 526 is built. In examples, image G526 is built from imageD 516 and includes an application such as a WebSphere Liberty application. Image H 532 is built from image G 526. Similarly, image I 542, image J 544, image K 546, and image L 548 are built from image H 532, and image M 552 is built from image J 544.

The connections between the images illustrate the historical development of the images as one image is built from another image. In examples, each of the images has an image ID. As new images are implemented, the new images may be added to the container image history 500.

In examples, the container image history 500 is generated as a composite over time of data generated as a result of collecting virtual container data from multiple processing systems. For example, multiple processing systems (e.g., processing system 200 of FIG. 2), each with virtual container detection and tracking engines, may collect virtual container data, which may be consolidated and used to generate the container image history 500.

FIG. 6 illustrates a table of an event log 600 according to aspects of the present disclosure. Event log 600 may be an example of a visual representation of data stored a container event database as described herein and may contain data relating to virtual containers and images. In particular, the present example of FIG. 6, event log 600 comprises image IDs, container IDs, actions, a time the action occurred, a mapped component, and a license quantity. The image ID represents an ID of the image associated with a detected virtual container, which is represented by the container ID. The action represents the type of action detected (e.g., create, start, stop, destroy, etc.) while the time represents the time the action occurred.

In examples, the mapped component and the license quantity are retrieved from a software license database that stores data relating to software licenses. For example, the software license database may include software that is licensed (i.e., “mapped component”) and a license quantity limit (i.e., “license quantity”) that indicates the number of licenses that are permissible. The mapped component illustrated in event log 600 represents the licensed product that is utilized by the container, and the license quantity is a total of the number of containers using a particular licensed product.

It is understood in advance that the present disclosure is capable of being implemented in conjunction with any other type of computing environment now known or later developed. In examples, the present disclosure may be implemented on cloud computing.

Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service. This cloud model may include at least five characteristics, at least three service models, and at least four deployment models.

Characteristics are as follows:

On demand self-service: a cloud consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with the service's provider.

Broad network access: capabilities are available over a network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. There is a sense of location independence in that the consumer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based e-mail). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated sole for an organization. It may be managed by the organization or a third party and may exist on premises or off premises.

Community cloud: the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

A cloud computing environment is service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability. At the heart of cloud computing is an infrastructure comprising a network of interconnected nodes.

Referring now to FIG. 7, illustrative cloud computing environment 50 is illustrated. As shown, cloud computing environment 50 comprises one or more cloud computing nodes 10 with which local computing devices used by cloud consumers, such as, for example, personal digital assistant (PDA) or cellular telephone 54A, desktop computer 54B, laptop computer 54C, and/or automobile computer system 54N may communicate. Nodes 10 may communicate with one another. They may be grouped (not shown) physically or virtually, in one or more networks, such as Private, Community, Public, or Hybrid clouds as described hereinabove, or a combination thereof. This allows cloud computing environment 50 to offer infrastructure, platforms and/or software as services for which a cloud consumer does not need to maintain resources on a local computing device. It is understood that the types of computing devices 54A-N shown in FIG. 7 are intended to be illustrative only and that computing nodes 10 and cloud computing environment 50 can communicate with any type of computerized device over any type of network and/or network addressable connection (e.g., using a web browser).

Referring now to FIG. 8, a set of functional abstraction layers provided by cloud computing environment 50 (FIG. 7) is shown. It should be understood in advance that the components, layers, and functions shown in FIG. 8 are intended to be illustrative only and embodiments of the invention are not limited thereto. As illustrated, the following layers and corresponding functions are provided:

Hardware and software layer 60 includes hardware and software components. Examples of hardware components include: mainframes 61; RISC (Reduced Instruction Set Computer) architecture based servers 62; servers 63; blade servers 64; storage devices 65; and networks and networking components 66. In some embodiments, software components include network application server software 67 and database software 68.

Virtualization layer 70 provides an abstraction layer from which the following examples of virtual entities may be provided: virtual servers 71; virtual storage 72; virtual networks 73, including virtual private networks; virtual applications and operating systems 74; and virtual clients 75.

In one example, management layer 80 may provide the functions described below. Resource provisioning 81 provides dynamic procurement of computing resources and other resources that are utilized to perform tasks within the cloud computing environment. Metering and Pricing 82 provide cost tracking as resources are utilized within the cloud computing environment, and billing or invoicing for consumption of these resources. In one example, these resources may comprise application software licenses. Security provides identity verification for cloud consumers and tasks, as well as protection for data and other resources. User portal 83 provides access to the cloud computing environment for consumers and system administrators. Service level management 84 provides cloud computing resource allocation and management such that required service levels are met. Service Level Agreement (SLA) planning and fulfillment 85 provides pre-arrangement for, and procurement of, cloud computing resources for which a future requirement is anticipated in accordance with an SLA.

Workloads layer 90 provides examples of functionality for which the cloud computing environment may be utilized. Examples of workloads and functions which may be provided from this layer include: mapping and navigation 91; software development and lifecycle management 92; virtual classroom education delivery 93; data analytics processing 94; transaction processing 95; and detecting and tracking virtual containers 96.

The present techniques may be implemented as a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present disclosure.

The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.

Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.

Computer readable program instructions for carrying out operations of the present disclosure may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some examples, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.

Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to aspects of the present disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.

These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.

The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various aspects of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions. 

What is claimed is:
 1. A computer-implemented method for detecting and tracking a plurality of virtual containers, the method comprising: determining, via a processing device, whether an event associated with a virtual container of the plurality of virtual containers is a create event, wherein the virtual container corresponds to a set of images; determining, via the processor, a base image from which the set of images are related to in a hierarchical tree; determining, via the processing device, one or more known images of the set of images based at least on the hierarchical tree and the base image; and creating, via the processing device, a virtual container record for each of the one or more known images by inserting an image ID and a container ID into a container event database.
 2. The computer-implemented method of claim 1, further comprising detecting the event associated with the virtual container by monitoring a container engine of a host computing device.
 3. The computer-implemented method of claim 1, wherein each virtual container of the plurality of virtual containers corresponds to a respective virtual container record in the container event database.
 4. The computer-implemented method of claim 1, further comprising determining, via the processing device, whether the event associated with the virtual container is a destroy event.
 5. The computer-implemented method of claim 4, further comprising, removing, via the processing device, the image ID and the container ID of the destroy event from the container event database.
 6. The computer-implemented method of claim 1, further comprising determining, via the processing device, one or more unknown images of the set of images based at least on the hierarchical tree and the base image.
 7. The computer-implemented method of claim 6, further comprising looking up the one or more unknown images, via the processing device, in the container event database.
 8. The computer-implemented method of claim 7, wherein looking up the one or more unknown images comprises submitting an image history of each of the one or more unknown images to a submission queue, wherein the image history corresponds to a portion of the hierarchical tree associated with each of the one or more unknown images.
 9. The computer-implemented method of claim 1, further comprising submitting data indicative of the event to a software licensing authority.
 10. The computer-implemented method of claim 1, further comprising submitting a subset of the container event database to a software licensing authority, an administrator, or a combination thereof.
 11. The computer-implemented method of claim 10, wherein submitting the subset of the container event database comprises submitting an event log of the event to the software licensing authority, the administrator, or the combination thereof.
 12. A system for detecting and tracking virtual containers, the system comprising: a processor in communication with one or more memory devices, wherein the processor is configured to: determine whether an event associated with a virtual container of the plurality of virtual containers is a create event, wherein the virtual container corresponds to a set of images; determine a base image from which the set of images are related to in a hierarchical tree; determine one or more known images of the set of images based at least on the hierarchical tree and the base image; and create a virtual container record for each of the one or more known images by inserting an image ID and a container ID into a container event database.
 13. The system of claim 12, wherein the container ID is configured to facilitate identification of the virtual container.
 14. The system of claim 12, wherein the image ID is an identification configured to facilitate identification of the set of images.
 15. The system of claim 12, wherein the processor is further configured to: determine whether the event associated with the virtual container is a destroy event; and remove the image ID and the container ID of the destroy event from the container event database.
 16. The system of claim 12, wherein the processor is further configured to: determine one or more unknown images of the set of images based at least on the hierarchical tree and the base image; and look up the one or more unknown images in the container event database.
 17. A computer program product for detecting and tracking virtual containers, the computer program product comprising: a non-transitory storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: determining whether an event associated with a virtual container of the plurality of virtual containers is a create event, wherein the virtual container corresponds to a set of images; determining a base image from which the set of images are related to in a hierarchical tree; determining one or more known images of the set of images based at least on the hierarchical tree and the base image; and creating a virtual container record for each of the one or more known images by inserting an image ID and a container ID into a container event database.
 18. The computer program product of claim 17, wherein the method further comprises: determining whether the event associated with the virtual container is a destroy event; and removing the image ID and the container ID of the destroy event from the container event database.
 19. The computer program product of claim 17, wherein the method further comprises: determining one or more unknown images of the set of images based at least on the hierarchical tree and the base image; and looking up the one or more unknown images in the container event database.
 20. The computer program product of claim 17, wherein the method further comprises reporting a licensing violation when it is determined that a license quantity limit stored in a software license database is exceeded. 